Google, PRISM, and Privacy

Jun 11, 2013 @ 2:22 PM

PHOTO: Google Executive Chairman Eric Schmidt. Photo by Bryan Hewitt.

On Monday, the San Francisco political roundtable Week to Week included a spirited discussion about the cascading revelations about U.S. government monitoring of phone and internet communications. What limits should there be? Who should control information? At what price do we buy security?

Less than a week earlier, The Commonwealth Club's Climate One host Greg Dalton conducted a wide-ranging conversation with Eric Schmidt, Google's executive chairman, and Jared Cohen, director of Google Ideas. Schmidt and Cohen were discussing their new book, The New Digital Age, which naturally gets into all kinds of issues of technology, privacy, and security.

The discussion took place before the recent revelations about PRISM, the program that allegedly gives the U.S. government direct access to user information on central databases of Google, Facebook, Microsoft, and other tech giants. However, Dalton asked the duo about government information gathering, personal privacy, and the Utah Data Center, all of which would be central to the controversies that arose just a few days after their conversation. Here, in their own words, is the discussion of these issues.

GREG DALTON: The [data] collection ability has given some people concern about big data or the privacy. I'd like to ask about the Utah Data Center, which is being built by the National Security Agency in the United States, [and which] reportedly collects 60 billion iPhones worth of data. That's five zettabytes? You know what those are; I don't. It's a lot of data. It's going to be online later this year.

How should the U.S. approach that? Reportedly, Thomas Drake is an NSA whistleblower who says they will collect information on Americans. Should we be concerned about that much data in the hands of the government, given the power of the tools you've been talking about?

ERIC SCHMIDT: In the industry, we've gone through a series of these proposals, and they're often somewhat over-hyped, which is what they can actually do. Let me suggest what can be done; I don't know if this proposal could be done. And then we can debate whether this is a good idea.

As I understand it, the NSA's job is essentially foreign communications; they're not allowed to operate in the United States, but I could be wrong there.

SCHMIDT: You can't ask a theoretical question [and] then assume that the people are sufficiently incompetent, they're not going to follow the law. So I think we have to assume that any activity is legally appointed. If it's not legal, then people should not do it. Certainly in America. So assuming that this is a legal activity, presumably what they would be doing — and again I'm speculating — is they'd be assembling some of this information and doing data-mining. The way you would do data-mining is you would look for patterns.

A simple example is that they're looking for people who are racketeering. You know, you'd look for the signals there. Computers are quite good at tracing this. So far, I've got everybody here in the audience quite upset; you're worried about this, you're worried about your civil liberties.

On the other hand, there's some evidence that the surveillance world is actually losing because of the amount of data that's going on. That, in fact, the amount of communication has so overwhelmed the very legitimate and proper functions of the police and the FBI and so [we] are in fact less safe as a result.

I'm not going to take a position on the specifics, but I would suggest that when you think about it, think of it in a more nuanced way. Our government does need a certain amount of ability to watch — again, legally and correctly, again [within the] law and [in] a democracy in a country like the United States. The question is, the proliferation of devices has made it very difficult for them to do it.

DALTON: Jared, your response to people concerned about their civil liberties with all these tools and tracking?

JARED COHEN: You talk about specific government-level, and then just for us as individuals, I think getting nervous about this assumes that different bureaucratic arms of the government are willing and able to work together. I'm quite serious. You have different agencies that have different authorities to collect different types of data; they're not so good at working together. So there's a level of confidence and cohesion that just isn't there.

And this is a democracy.

Eric and I went to Mexico to look at how the Mexican government was dealing with the drug cartels; it's killed more than 60,000 people in the last five to six years. We went to see this sort of underground bunker that's called Platform Mexico, where they have unbelievable -- I mean you want to talk about real government cohesion around data related to their citizens, it is here in Mexico. And this is democracy. We walk out of this thing thinking, we really hope that no autocracy ever gets their hands on that —

SCHMIDT: There was more than that, because you can imagine that for legitimate reasons. There's a terrible drug war, terrible infiltration of the police, you have to go back in Mexico. So let's assume that they get the problems fixed and five or ten years from now, [despite] of the civil liberties or protections that the Mexican citizens have, once their systems are built, they're not turned off.

This caused us to say, and we say this in the book, that you need to fight for your privacy or you're going to lose it. We were in Britain last week; there was a terrible terrorist act — one soldier was killed by one apparently lone Muslim extremist in the entire country. And the whole country's excited about this, it's obviously a terrible thing, one person's dead. The home secretary calls for broad regulations and surveillance of the Internet. Not a good thing.

So it's easy for governments to overreact and take away your privacy, your security, and so forth in the name of the security. We would say that the open principles, the way in which we work today, is a much, much better way. You'll be ultimately safer with our approach.

DALTON: There's a proposal in California, the Right to Know [Act]. It would allow citizens in California to request data from organizations so they could know what companies know about them, and that's similar to what exists in Europe. But Silicon Valley industry has opposed that. Can you tell us about your position on the right to know from consumers, how much information companies have about them?

SCHMIDT: I don't know the specific legislations so I couldn't comment.

DALTON: It was quite broad and it was …

SCHMIDT: In general, Google answers this by agreeing with the principle. For example, in Google there's a panel you can get to where not only will it show what Google knows about you but you can delete it. That I think is the correct standard. The general view we have is the information that we collect through our normal course of business with you is really for you to control. And there are some laws that cover that. So for example, you can't just delete all your searches, though we will allow you to do it yourself manually.

But generally, we keep your searches for 12-18 months, and that's largely governed by some other laws. And then we anonymize and get rid of it.

DALTON: Let's quickly ask the audience. How many of you knew that you could really find out and then delete the information Google knows about you? Maybe a third of the audience. A lot of people don't see —

SCHMIDT: One-third is pretty good. So two-thirds have now been educated by the one-third.

DALTON: Jared Cohen, should people be able to have more access to information that companies hold about them?

COHEN: We have a whole chapter in the book where we look at the future of privacy and security. There's sort of a broader point that we try to make: When you look at the existing debate around privacy, it really does center around issues related to this first 2 billion that are already online. When we traveled around to some of these other environments, you bring up privacy to people and they just sort of look at you like a deer in headlights, like, "who gets privacy?" when you're living in North Korea or Libya or Myanmar.

So we came back with a sense that when you're going to talk about privacy, you need to also talk about security. The two concepts are deeply intertwined. One observation we make is that every generation seems more willing to share than the previous generation. It seems more comfortable with it. Maybe that trend will change. In the book, we make a small argument around the role that parents will play. In the future and on the book tour, we've sort of become champions for the idea that the good old-fashioned methodology of parents intervening and talking to their kids is actually still going to be relevant.